dosubot[bot] commented on issue #35797: URL: https://github.com/apache/superset/issues/35797#issuecomment-3442506501
<!-- Answer --> Pinning luxon to 3.6.1 in package.json fixes npm ci because npm ci enforces strict reproducibility: it requires package.json and package-lock.json to be in perfect sync, not just semver compatible. Even if 3.6.1 still satisfies ^3.5.0, npm ci will fail if the lockfile and manifest disagree, especially if npm or the registry changes how it validates or resolves dependencies. This is working as designed—npm ci is intentionally strict to guarantee reproducible builds, but this can be surprising when using semver ranges and not regularly updating lockfiles. Superset has hit this before; pinning the version is a known fix to restore npm ci reliability in these cases ([example](https://github.com/apache/superset/pull/30859), [issue](https://github.com/apache/superset/issues/33881)). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/d02d9a34-54f8-46a4-a446-2bb7f4e9b029?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/d02d9a34-54f8-46a4-a446-2bb7f4e9b029?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/d02d9a34-54f8-46a4-a446-2bb7f4e9b029?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/d02d9a34-54f8-46a4-a446-2bb7f4e9b029?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/d02d9a34-54f8-46a4-a446-2bb7f4e9b029?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/d02d9a34-54f8-46a4-a446-2bb7f4e9b029?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/d02d9a34-54f8-46a4-a446-2bb7f4e9b029?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=githu b) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/issues/35797) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
